在SVM中String Kernel应用.pdf

String Kernel Based SVM for Internet Security Implementation 1 1 1 2 Zbynek Michlovsk´y , Shaoning Pang , Nikola Kasabov , Tao Ban , and Youki Kadobayashi2 1 Knowledge Engineering Discover Research Institute Auckland University of Technology, Private Bag 92006, Auckland 1020, New Zealand {spang,nkasabov}@aut.ac.nz 2 Information Security Research Center, National Institute of Information and Communications Technology, Tokyo, 184-8795 Japan bantao@nict.go.jp, youki-k@is.aist-nara.ac.jp Abstract. For network intrusion and virus detection, ordinary meth- ods detect malicious network traffic and viruses by examining packets, flow logs or content of memory for any signatures of the attack. This implies that if no signature is known/created in advance, attack detec- tion will be problematical. Addressing unknown attacks detection, we develop in this paper a network traffic and spam analyzer using a string kernel based SVM (support vector machine) supervised machine learn- ing. The proposed method is capable of detecting network attack with- out known/earlier determined attack signatures, as SVM automatically learning attack signatures from traffic data. For application to internet security, we have implemented the proposed method for spam email de- tection over the SpamAssasin and E. M. Canada datasets, and network application authentication via real connection data analysis. The ob- tained above 99% accuracies have demonstrated the usefulness of string kernel SVMs on network security f